As the sophistication of threats that target sensitive data and critical systems grows, the importance of robust security mechanisms becomes even more important. Authentication is a key requirement to ensure that a request that claims to come from a certain source indeed does come from it. For example, an authentication system verifies using a factor (e.g., a password, a token) that a user is indeed he or she purports to be.
Conventional authentication systems and methods are cumbersome, tedious, and not user-friendly. For example, some conventional authentication methods use knowledge-based questions to authenticate users based on what the users know. A user trying to access a service, e.g., calling a call center of a financial institution, may have to answer some questions of private information to prove his/her identity. The user therefore has to actively perform some additional and often inconvenient steps for authentication. Other conventional methods use one-time passwords for a second factor authentication. When a user is trying to log into a website, these conventional methods may send the user a text message including a one-time password. The user may have to enter the received one-time password on the website within a short time to prove his/her identity. These methods may also be insecure, inconvenient, inefficient, and cumbersome, because they require multiple steps within a short time duration for authentication. Such inconvenience may result in negative user experience.